package com.base.cn.platform.os.common.xss;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

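/**
 * Servlet filter that wraps each request in {@link XssHttpServletRequestWrapper}
 * before handing it down the chain, except for a short list of excluded paths
 * that are forwarded untouched.
 *
 * <p>NOTE(review): the wrapper is declared elsewhere; presumably it sanitises
 * request values against XSS. Confirm against that class.
 *
 * @author s.li
 * @create 2018-03-06 9:58
 */
public class XssCodeFilter implements Filter {
    /**
     * Path fragments whose requests bypass the XSS wrapper.
     * NOTE(review): presumably these endpoints need the unmodified request
     * (payment callback, WeChat signature). Confirm with the owners.
     * Matching is by substring to stay compatible with the existing behaviour;
     * anchoring each entry to its full mapped path would be tighter.
     */
    private static final String[] EXCLUDED_PATH_FRAGMENTS = {
            "/pay/paySuccessCallback/",
            "/mobile/share/WeChatSignature"
    };

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    /**
     * Logs that the filter has been initialised; no configuration is read.
     *
     * @param filterConfig container-supplied configuration (unused)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        logger.info("--------------xss filter init--------------");
    }

    /**
     * Forwards the request, wrapped in {@link XssHttpServletRequestWrapper} unless
     * its dispatch path matches an excluded fragment.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response response passed through unchanged
     * @param chain    remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        if (isExcluded(req)) {
            // Excluded endpoints receive the original, unwrapped request.
            chain.doFilter(request, response);
            return;
        }
        chain.doFilter(new XssHttpServletRequestWrapper(req), response);
    }

    /** Logs that the filter is being taken out of service. */
    @Override
    public void destroy() {
        logger.info("--------------xss filter destroy--------------");
    }

    /** Returns true when the request's dispatch path contains an excluded fragment. */
    private static boolean isExcluded(HttpServletRequest req) {
        String path = dispatchPath(req);
        for (String fragment : EXCLUDED_PATH_FRAGMENTS) {
            if (path.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the path the container used to select the servlet.
     *
     * <p>The exclusion decision is security-relevant, so it must be made on the
     * same path the container dispatches on. {@code getRequestURI()} returns the
     * raw, undecoded request path, which can still carry path parameters and
     * dot-segments that the container removes before routing; a substring match
     * on it could exempt a request whose real target is not an excluded endpoint.
     * {@code getServletPath()} and {@code getPathInfo()} are the container-resolved
     * values. The context path is left out on purpose because a container may
     * derive it from the raw request line; if the deployment's context path forms
     * part of an excluded fragment, shorten that entry in the list accordingly.
     */
    private static String dispatchPath(HttpServletRequest req) {
        StringBuilder resolved = new StringBuilder();
        String servletPath = req.getServletPath();
        if (servletPath != null) {
            resolved.append(servletPath);
        }
        String pathInfo = req.getPathInfo();
        if (pathInfo != null) {
            resolved.append(pathInfo);
        }
        return resolved.toString();
    }
}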
